Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

mhx writes "A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of 'invisible' messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked."

The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft-based devices. Another pair of SMS bugs in the iPhone and Google's Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.

FYI: It's not that one character can break your iPhone, it's about 512 text messages sent at your phone, causing certain buffer overflows. The proof on concept ended up where the slew of messages (apparently arrived at originally by fuzzing) winds up only showing one visible character (appears as a box).

The author said that it could probably be refined so that it wouldn't send anything that would show up.

Not necessarily, it just has to come over the (wireless) network. There's nothing stopping you simulating a cell tower and sending an SMS (which is just a GSM control packet) to any phone within range.

You can turn off SMS: contact AT&T and tell them to disable SMS for your phone number. This is exactly what I've done and I highly recommend it. I save $5/month in texting charges, and I can still send and receive texts for free. Here's how:

1. Sign up for Google Voice.2. Tell people your new Google Voice "texting" number (and use it for voice if you want).3. Buy Prowl at the App Store for $2.994. Push your Google Voice SMS messages to your iPhone via Prowl. You can do it with Fluid and a script [morouxshi.com] on a Mac.5. ???6. PROFIT!!! (free texting)